decoders/decode_dns.c

00001 #include "decode_dns.h"
00002 #include "decode_udp.h"
00003 #include "../packets/packet.h"
00004 #include <stdio.h>
00005 #include <stdlib.h>
00006 #include <netinet/in.h>
00007 
00008 //#define DEBUG
00009 
00010 extern GlobalVars       Globals;  /* shared engine state defined in another translation unit; this file reads Globals.Packets[] and sets Globals.Decoders[].DecodeFunc */
00011 
00012 int     UDPDecoderID;  /* id of the "UDP" decoder: assigned in InitDecoderDNS(), read by DecodeDNS(); file-scope, so it is 0 until InitDecoderDNS() has succeeded */
00013 
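/**
 * Convert a DNS name from wire format into a dotted, NUL-terminated string.
 *
 * On the wire a name is a run of labels, each preceded by a one-byte length
 * (1..63) and closed by a zero-length label. The labels are copied into Human
 * separated by '.', e.g. 3 'w' 'w' 'w' 3 'c' 'o' 'm' 0 becomes "www.com".
 *
 * @param DNS       start of the encoded name (its first byte is a label length)
 * @param Human     destination buffer
 * @param HumanLen  size of Human in bytes, terminator included
 * @return TRUE when the whole name was converted. FALSE when an argument is
 *         unusable, the name does not fit in Human, or the bytes are not a
 *         plain label sequence (length above 63, i.e. a compression pointer or
 *         reserved form, or a zero byte inside a label). Whenever Human and
 *         HumanLen are usable, Human is left NUL-terminated, also on failure,
 *         so a caller that ignores the result never sees an unterminated
 *         string.
 *
 * NOTE(review): no source length is passed in, so the end of the captured
 * packet is unknown here. Reads stop at the first zero byte or once HumanLen
 * is reached, whichever comes first; a name that runs off the end of a short
 * packet can still be read up to HumanLen bytes past DNS. Closing that needs
 * a remaining-length argument from the caller.
 */
int DNS2Human(char* DNS, char* Human, int HumanLen){
        const unsigned char*    wire=(const unsigned char*)DNS;
        int                     in=0;   /* next byte to read from wire */
        int                     out=0;  /* next byte to write in Human */
        int                     label_len;
        int                     j;

#ifdef DEBUGPATH
        printf("In DNS2Human\n");
#endif

        if (!DNS || !Human || HumanLen<=0) return FALSE;

        /* an empty (root) name and every failure path yield a valid string */
        Human[0]=0x00;

        while ((label_len=wire[in++])!=0x00){
                /* anything above 63 is a compression pointer or reserved;
                 * it cannot be followed without the packet base and bounds */
                if (label_len>63) goto reject;

                /* separator between labels, none before the first one */
                if (out>0){
                        if (out>=HumanLen-1) goto reject;
                        Human[out++]='.';
                }

                for (j=0;j<label_len;j++){
                        /* a zero inside a label means a truncated or malformed
                         * name; stopping here keeps the read from running on */
                        if (wire[in]==0x00) goto reject;
                        /* always keep one byte free for the terminator */
                        if (out>=HumanLen-1) goto reject;
                        Human[out++]=(char)wire[in++];
                }
        }

        Human[out]=0x00;
        return TRUE;

reject:
        Human[out]=0x00;
        return FALSE;
}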
00046 
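/**
 * Decode the DNS header of a packet and, for queries, the question name.
 *
 * Until there is a better way to recognise it, DNS is assumed to live only on
 * UDP port 53 (source or destination); anything else is declined.
 *
 * @param PacketSlot  index of the packet in Globals.Packets[]
 * @return a newly allocated DNSData whose Header1 points into the packet's raw
 *         buffer, or NULL when the UDP data is unavailable, the packet is not
 *         on port 53, the question count exceeds MAX_DNS_QUESTIONS, or the
 *         allocation fails. On success p->BeginData has been advanced past the
 *         fixed DNS header.
 *
 * TODO: Generate a log if the query is too long
 *
 * NOTE(review): nothing here confirms that sizeof(DNSHeader1) bytes remain in
 * the packet after BeginData before the header fields are read, and the
 * question name is decoded without a packet bound. Both should be checked
 * against the packet's length, which this function does not have in view.
 */
void* DecodeDNS(int PacketSlot){
        DNSData*                data;
        UDPData*                udp_data;
        PacketRec*              p;
        DNSHeader1*             header;
        int                     i;
        int                     QuestionCount;
        unsigned short          Flags;

#ifdef DEBUGPATH
        printf("In DecodeDNS\n");
#endif

#ifdef DEBUG
        printf("Decoding DNS Header\n");
#endif

        p=&Globals.Packets[PacketSlot];

        if (!GetDataByID(PacketSlot, UDPDecoderID, (void**)&udp_data)){
                printf("Failed to get UDP header data\n");
                return NULL;
        }

        if ( (ntohs(udp_data->Header->dest)!=53) && (ntohs(udp_data->Header->source)!=53)){
#ifdef DEBUG
                printf("It's not on UDP 53, bail.\n");
#endif
                return NULL;
        }
#ifdef DEBUG
        printf("It's on UDP 53, assume it's DNS\n");
#endif

        /* Validate the question count before allocating, so the rejection
         * path has nothing to release. */
        header=(DNSHeader1*)(p->RawPacket+p->BeginData);
        QuestionCount=ntohs(header->Questions);
        if (QuestionCount>MAX_DNS_QUESTIONS){
#ifdef DEBUG
                /*TODO: make this an actual alert*/
                printf("Unusual number of questions. Not DNS?\n");
#endif
                return NULL;
        }

        /* Zeroed storage: for replies the question slots are never filled in,
         * and consumers must not find stale heap contents there. */
        data=calloc(1, sizeof(DNSData));
        if (!data){
                printf("Failed to allocate DNS data\n");
                return NULL;
        }
        data->Header1=header;
        p->BeginData+=sizeof(DNSHeader1);

        Flags=ntohs(header->Flags);
        if (Flags & DNS_FLAG_QUERY){
#ifdef DEBUG
                printf("This is a query reply\n");
#endif
        }else{
#ifdef DEBUG
                printf("This is a query\n");
#endif
                /*pull out the questions*/
                /* NOTE(review): BeginData is not advanced past each question,
                 * so every slot is decoded from the same offset and receives
                 * the first question's name. Stepping over a question needs
                 * the encoded name length and the packet bound. */
                for (i=0;i<QuestionCount;i++){
                        if (!DNS2Human((char*)(p->RawPacket+p->BeginData), data->Q[i].Query, MAX_DNS_QUERY_LEN)){
                                /* over-long or malformed name: expose an empty
                                 * string instead of a partial, possibly
                                 * unterminated one */
                                data->Q[i].Query[0]=0x00;
                        }
#ifdef DEBUG
                        printf("Query %i is %s\n",i, data->Q[i].Query);
#endif
                }
        }

        return data;
}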
00119 
/**
 * Register the DNS decoder and attach it beneath the UDP decoder.
 *
 * Creates a decoder named "DNS", installs DecodeDNS as its decode function,
 * binds it to the decoder named "UDP", and then records the UDP decoder's id
 * in UDPDecoderID.
 *
 * @return TRUE on success; FALSE if the decoder could not be created or could
 *         not be bound to UDP (UDPDecoderID is left untouched in both cases).
 *
 * NOTE(review): the id returned by GetDecoderByName("UDP") is handed on
 * without being checked here; presumably DecoderAddDecoder rejects an invalid
 * id, but that should be confirmed.
 */
int InitDecoderDNS(){
        int dns_id;

#ifdef DEBUGPATH
        printf("In InitDecoderDNS\n");
#endif

        dns_id=CreateDecoder("DNS");
        if (dns_id==DECODER_NONE){
#ifdef DEBUG
                printf("Couldn't Allocate DNS Decoder\n");
#endif
                return FALSE;
        }

        Globals.Decoders[dns_id].DecodeFunc=DecodeDNS;

        if (DecoderAddDecoder(GetDecoderByName("UDP"), dns_id)){
                /* remembered only once the binding is in place */
                UDPDecoderID=GetDecoderByName("UDP");
                return TRUE;
        }

        printf("Failed to Bind DNS Decoder to UDP Decoder\n");
        return FALSE;
}
